toggle

AAPL Stock: 433.26 ( -1.32 )

http://www.macnn.com/articles/04/05/04/apple.security.advistories/

Apple criticized for security advisories

updated 10:00 pm EDT, Tue May 4, 2004

 

Apple security advistories


Security analysts are , saying that the company is severely downplaying the seriousness: "Five vulnerabilities released Monday affect various components of the Mac OS X operating system. The greatest threat is a buffer overflow in the Apple file-sharing system that could allow a remote attacker to take over control of the system. But the company described it as a correction 'to improve the handling of long passwords.'... Most security companies normally classify a remotely exploitable software flaw as a 'critical' vulnerability."


by MacNN Staff

Post tools:

TAGS :

 Apple

Related Articles

Recent Articles

toggle

Comments

  1. phillymjs

    Fresh-Faced Recruit

    Joined: Jun 2000

    0
    05/04, 10:24pm | report spam | Reply |

    Pfft

    It's a ZDNet article, so you know it's 100% objective. ;-)

    From the article:
    "They are not characterizing the issue so that people can make a security decision about it," said Chris Wysopal, vice president of research and development at @Stake, a digital security firm that found the flaw and reported it to Apple. "It seems they think that everyone will update their computers all the time, and that is not the way the world works."

    That's not the way the *Windows* world works, bub, because the dumb users don't know to update and the smart users are afraid to update lest the update break a critical app. Mac users *always* install their patches-- we might wait up to a week to make sure everything's cool, but we always install our patches.

  1. JeffHarris

    Fresh-Faced Recruit

    Joined: Oct 1999

    0
    05/04, 10:50pm | report spam | Reply |

    Song of the Shill

    Leave to ZDNet.

    Apple actually PLUGGED the security holes, BEFORE they were widely reported... and ZD complains.

    Windows, that a huge block of Swiss cheese at a picnic surrounded by ants, flies and maggots, and does ZD complain? Nah.

  1. graey

    Fresh-Faced Recruit

    Joined: Jan 2002

    0
    05/04, 11:30pm | report spam | Reply |

    Oooh...

    Let's see...how many systems had the vulnerability exploited, (other than the ones in the hands of the "security" people)? Would that be...none? If none were compromised then I fail to see how it is "critical".....maybe it's just me.

  1. LouZer

    Fresh-Faced Recruit

    Joined: Nov 2000

    0
    05/05, 01:46am | report spam | Reply |

    Question

    Isn't the fact they're releasing a security update info enough to know there's a problem. I mean, who reads MS security bulletins? They just know "Hey, there's a security patch available, it must be important". Most users don't read each one going "Hmm, according to this its only a problem if I receive an email containing a movie file with a real long file name and someone says the word 'p****'. I don't get movies, so I'll ignore that one...

    Oh, and to the guy who says its not critical because no one's broken it yet, keep in mind that Sasser chews through a HUGE hole in XP, but the fix for it was released as 'critical' not because it was a problem, but because it COULD be a serious problem (gee, just like it is). At least the Apple file being whined about requires you to have file sharing turned on and all that kind of fun. The Sasser worm just infects anyone unpatched, without the user necessary being the wiser.

  1. vortexlift

    Fresh-Faced Recruit

    Joined: Mar 2004

    0
    05/05, 06:25am | report spam | Reply |

    The Sky Is Falling!

    Boy, it's sure nice know people in the internet security biz knows how to scare up some business! : o
    Sarcasm aside, does anyone know of a single piece of malicious code loose in the "wild" that exploits any of the recent batch of "security holes" that's been discovered?

  1. Nitride

    Fresh-Faced Recruit

    Joined: Sep 2001

    0
    05/05, 09:49am | report spam | Reply |

    Buffer Overflow Overhype

    Buffer Overflows are about as bad as iChat AV crashing in the middle of a steamy chat with your girlfriend. Frustrating, embarrassing and easy to forget about.

    There is simply no way to execute random code via a buffer overflow using a "specially crafted file" on the Macintosh platform. The fundamental differences in the processor and OS from Intel makes this impossible.

    Now, you could somehow get a rogue file on a user's system, crash a daemon and when it restarted it could load a compromised file somehow, but that is entirely different than what these overzealous security experts are screaming about.

    This scenario however requires a significant series of steps to gain access to a user's system and also admin or 'root' priveleges to install compromised files and then crash a daemon.

    So far Apple's most serious compromises require a person to be physically seated in front of a Mac OS X computer to gain access of some level.

    And all security fixes are rolled into each other or in general Mac OS X updates, and based on my reading of web logs and email headers most Mac people on the internet are fully up to date.

  1. Nitride

    Fresh-Faced Recruit

    Joined: Sep 2001

    0
    05/05, 09:56am | report spam | Reply |

    BTW

    No one seems all that upset that a large number of grocery stores were all but shutdown by the latest Windows virus, at least in the South East area.

    The stores could not process any network-based transactions (checks, CCs, Debit cards) at all due to the shutdown of the network either due to or to help stop the latest virus on Windows.

    We repeatedly told the store to put out a sign, but of course that would drive away non-cash business instead of keeping people in the store shopping only to find out they must wait 15 minutes for their checkout process to be completed manually with a telephone call.

    The pharmacy was shutdown because of this as well. All because some kid somewhere didn't get enough attention from his Baby Boomer parents.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

Brother HL-3170CDW LED Printer

We've mentioned before that we are far from a paperless society. For now, at least, there are tasks that require a piece of paper for ...

HTC One

It is hard to overstate just how critically important the HTC One is to the Taiwanese company’s fortunes. Despite its alarming decline ...

toggle

Most Commented

 

Popular News